summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--iptables/nft.c7
-rwxr-xr-xiptables/tests/shell/testcases/nft-only/0001compat_021
2 files changed, 27 insertions, 1 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 07e15c7a..347a4438 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -3006,7 +3006,12 @@ static int nft_are_chains_compatible(struct nft_handle *h, const char *tablename
chain = nftnl_chain_list_iter_next(iter);
while (chain != NULL) {
- if (!nft_chain_builtin(chain))
+ const char *chain_table;
+
+ chain_table = nftnl_chain_get_str(chain, NFTNL_CHAIN_TABLE);
+
+ if (strcmp(chain_table, tablename) ||
+ !nft_chain_builtin(chain))
goto next;
ret = nft_is_chain_compatible(h, chain);
diff --git a/iptables/tests/shell/testcases/nft-only/0001compat_0 b/iptables/tests/shell/testcases/nft-only/0001compat_0
new file mode 100755
index 00000000..4319ea5a
--- /dev/null
+++ b/iptables/tests/shell/testcases/nft-only/0001compat_0
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+# test case for bug fixed in
+# commit 873c5d5d293991ee3c06aed2b1dfc5764872582f (HEAD -> master)
+# xtables: avoid bogus 'is incompatible' warning
+
+case "$XT_MULTI" in
+*/xtables-nft-multi)
+ nft -v >/dev/null || exit 0
+ nft 'add table ip nft-test; add chain ip nft-test foobar { type filter hook forward priority 42; }' || exit 1
+ nft 'add table ip6 nft-test; add chain ip6 nft-test foobar { type filter hook forward priority 42; }' || exit 1
+
+ $XT_MULTI iptables -L -t filter || exit 1
+ $XT_MULTI ip6tables -L -t filter || exit 1
+ ;;
+*)
+ echo skip $XT_MULTI
+ ;;
+esac
+
+exit 0